AbyssV3 wrote: Eh, the solution that I eventually got to work, shouldn't work.

In fact I took the code and tested it, and tried the solution, and it didn't work in a real environment.

I got past this, but login should be theoretically always impossible. Unless I'm missing something? If I'm not, this mission is wrong.

"This site is run by a new sysadmin who does not know much about web configuration"

I think the exploit is based on the PHP configuration, or it could be some bug in a previous version of PHP or something. I'm pretty sure I've seen something similar in some other site too, so it should be correct.

So it seems that once, this probably would have been a common exploit used, but as of PHP 6.0.0, this feature is disabled by default (which is probably why it didn't work on your test server). So even if the sysadmin didn't know what he/she was doing while configuring the server, it is unlikely that he/she would have messed this up.

Regardless, it is still a good thing to know about as apparently register_globals can be used safely, so it's something to look for.
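The pattern to look for when auditing code written for register_globals, shown as an added example that is not part of the thread or the mission's code: a flag that is only ever set on success, next to the hardened form. The function names and the demo credential are hypothetical, and `extract()` stands in for `register_globals = On`, which current PHP releases no longer provide.

```php
<?php
declare(strict_types=1);

// Constructed demo credential store; the password is a made-up sample value.
function password_ok(string $user, string $pass): bool {
    static $users = null;
    $users ??= ['admin' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Weak: $authorized is never initialised. With register_globals on
// (emulated here by extract), any request parameter becomes a variable,
// so a parameter named "authorized" pre-sets the flag.
function login_weak(array $request): bool {
    extract($request);                 // assumption: stands in for register_globals = On
    if (password_ok($user ?? '', $pass ?? '')) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Hardened: the flag starts false and input is read only from the
// request array, so no request parameter can reach $authorized.
function login_hardened(array $request): bool {
    $authorized = false;
    $user = is_string($request['user'] ?? null) ? $request['user'] : '';
    $pass = is_string($request['pass'] ?? null) ? $request['pass'] : '';
    if (password_ok($user, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests: the third carries an extra "authorized" parameter.
$cases = [
    'valid login'               => ['user' => 'admin', 'pass' => 'constructed-demo-password'],
    'wrong password'            => ['user' => 'admin', 'pass' => 'nope'],
    'wrong password + extra'    => ['user' => 'admin', 'pass' => 'nope', 'authorized' => '1'],
];

foreach ($cases as $label => $request) {
    printf("%-26s weak=%-5s hardened=%s\n",
        $label,
        var_export(login_weak($request), true),
        var_export(login_hardened($request), true));
}
```

The two functions disagree only on the third request, which is the case a code review for this setting needs to catch: every variable used in a security decision must be initialised before it is tested.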